Tunneling is a technique in which one protocol is encapsulated by another protocol of the same or higher layer. In effect, the original protocol disappears into the payload of the tunneling protocol. Metaphorically, this has the same obscuring effect as if the original protocol were moving through a dark tunnel.
Tunneling allows for messages to pass though devices or links that would otherwise be unequipped to handle them. For example, tunneling is one strategy to facilitate IPv4 to IPv6 interoperabilility. Consider an IPv6 host sending a message to another IPv6 host over intermediate links that do not support IPv6. Upon entering an IPv4 only network segment, the IPv6 message can be wrapped within a new IPv4 header. This IPv4 header can then be disguarded once the message returns to an IPv6-enabled link.
Tunneling is also used for security purposes. VPN protocols encrypt packets at the edge of an untrusted link and then decrypt these packets at the far edge of the untrusted network. Such packets are said to be moving through a VPN tunnel. Tunneling may also compromise security, such as when tunnels are used to pass packets through firewalls by disguising the true nature of the message. For this reason, firewalls may need to be configured to block or inspect protocols used for tunneling.
Examples of protocols that employ tunneling include: